Re: Setting up the KDC ldap backend
daemon@ATHENA.MIT.EDU (John Byrne)
Wed Feb 6 12:21:27 2019
From: John Byrne <firstname.lastname@example.org>
Date: Wed, 6 Feb 2019 12:21:08 -0500
To: Todd Grayson <email@example.com>
Cc: "kerberos@MIT.EDU" <firstname.lastname@example.org>
Thanks for the replies. I had found a walkthrough on setting up LDAP on
its own on that site too:
And that explained how to set up the user with the access I needed - that
got me past that error from my last email.
Now I'm getting this:
$ kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldapi:/// create -s
Password for "cn=admin,dc=example,dc=com":
Initializing database for realm 'EXAMPLE.COM'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
kdb5_ldap_util: Kerberos Container create FAILED: No such object while creating realm 'EXAMPLE.COM'
I'll take a look at the tutorial you linked to, but I just thought I'd post
this and see if anyone recognizes the error message.
On Wed, Feb 6, 2019 at 11:49 AM Todd Grayson <email@example.com> wrote:
> I'm not sure what's going on with the error message you are seeing.
> As far as how-to info: The Hortonworks community has a walkthrough of MIT
> KDC with LDAP backend on CentOS7, here:
> On Tue, Feb 5, 2019 at 1:33 PM John Byrne <firstname.lastname@example.org> wrote:
>> I'm trying to set up the KDC with the LDAP plugin. I've been using:
>> as references (I'm not using Ubuntu, I'm using CentOS 7 but most of the
>> info on the Ubuntu page above seems to be fairly generic).
>> When I run the command to create the database, it challenges me for a
>> password. I didn't set one up, and if I just hit enter, I get this:
>> $ sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldapi:/// create -s
>> Password for "cn=admin,dc=example,dc=com":
>> kdb5_ldap_util: Cannot allocate memory while retrieving ldap configuration
>> Now, I don't really know much about LDAP, so I could be missing something.
>> Do I have to create "cn=admin,dc=example,dc=com" as a user somehow before
>> I run this?
>> I've tried reading up on LDAP, but I haven't found anything that explains
>> what I need to do here. I'm looking for a shortcut to the quickest
>> setup - I don't really need LDAP except that I'm trying to test
>> delegation in a web application, and apparently that only works with the
>> LDAP backend.
>> Can anyone explain what's the bare minimum I need to do to get this
>> Kerberos mailing list Kerberos@mit.edu
> Todd Grayson
> Customer Operations Engineering
> Security SME